
Service Mesh Technology circa 2020

by Vamsi Chemitiganti

While the Kubernetes and container market is still in its early days in 2020, Gartner estimates that around 24% of all enterprises are running microservices-based application workloads. It is interesting, however, that as more applications are broken down from the original monolith into microservices, the challenge becomes managing a large number of microservices with an increasing amount of sprawl. Enter a promising new technology – the Service Mesh – that has just begun to slowly mature. As a disclaimer, my expertise in this area is confined to Istio and not the other players generally mentioned (Linkerd, Consul, etc.).


Key Challenges in Managing Microservices

The majority of containerized applications are designed to leverage microservices. As we have seen before on this blog, microservices are an approach to software design and deployment wherein application functions are broken down into smaller, atomic, and individually deployable services.

As discussed in the blog post below from a couple of years ago, microservices were designed in response to the inability of monolithic (three-tier) architectures to scale and support cloud-native patterns.

Why Legacy Monolithic Architectures Won’t Work For Digital Platforms..

The key benefits of using microservices are as follows –

  1. Modularity in software design
  2. The ability for different teams to develop their own microservices in a parallel fashion, only communicating with one another using open APIs
  3. The ability to update and deploy them individually and independently of one another

However, the microservices approach isn’t a panacea and can lead to more problems if not well understood. Enterprise developers need to be at a certain point of cloud maturity before going down this path. Microservices bring in their own complexity in the following areas –

  1. Microservices render an application more complex as you will have dozens of more moving parts
  2. Interservice interactions (and managing timeouts and failures), service discovery, and security can all be rendered more complex
  3. Traffic management is key to ensure that canary deployments and A/B testing can be carried out

Instead of writing cross-cutting code in every service that handles the above, the Service Mesh is a way of standardizing service management, traffic routing, load balancing, and failure recovery. As depicted by the below illustration, Envoy is an application-level service proxy that has proved to be highly functional and performant after its development at Lyft, and it is the application-level proxy leveraged by nearly every service mesh technology. It provides an interceptor for service requests and calls the service using method calls.

Istio Architecture [1]

Let’s define a Service Mesh 

A service mesh is a programmable framework that allows you to observe, secure, and connect microservices. It doesn’t establish connectivity between microservices, but instead has policies and controls that are applied on top of an existing network to govern how microservices interact. Generally, a service mesh is agnostic to the language of the application and can be applied to existing applications usually with little to no code changes.

  1. Service Connectivity – Service Meshes provide you with the ability to control traffic flow & callouts between services. They add on to this with the ability to configure service timeouts, circuit breakers, and retries. This then makes it easier to set up complex tasks like A/B testing and Canary deployments. They also provide for service resilience by. All this is provided by a sidecar container running along with the Service.
  2. Security – They can be a robust tool to enforce security across a vast number of microservices. They can enforce security and policies that act on service to service communication. A popular service mesh like Istio provides a certificate authority (CA) to manage keys and certificates for securing service-to-service communication by giving each service a unique identity.
  3. Observability – Service Meshes provide visibility across services as well as the ability to troubleshoot issues, for example by retrying service calls and by enforcing circuit breakers to disable nonfunctioning service instances.
  4. Legacy Modernization – Service Meshes can help bring legacy monoliths into a common control plane. These services can still run in VMs or containers. The Facade & Strangler patterns can be used to not only decompose but also front monoliths with a service and an API thus gaining the benefits of observability around the application.
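
The Security item above, as Istio configuration: mutual TLS enforced mesh-wide, then an authorization rule keyed on the identity that the mesh CA issues to a workload. This is an added example, not from the original post or the Istio project; the `shop` namespace, the `orders` workload, the `frontend` service account and the request paths are assumed names, and `cluster.local` is Istio's default trust domain.

```yaml
# Added example; workload, namespace and service-account names are assumptions.
# Mesh-wide policy: a PeerAuthentication named "default" in the root
# namespace (istio-system by default) applies to every workload.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    # Weak setting: PERMISSIVE also accepts plaintext, so a client outside
    # the mesh can still reach the service. Use it only while sidecars are
    # being rolled out, then switch to STRICT.
    mode: STRICT
---
# Identity-based access control: only the frontend's service account may
# call the orders workload. Once an ALLOW policy selects a workload,
# requests that match none of its rules are denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        # Peer identity taken from the client certificate issued by the
        # mesh CA: <trust-domain>/ns/<namespace>/sa/<service-account>
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/orders/*"]
```

The `principals` match depends on mutual TLS: a plaintext request carries no peer identity, so it cannot satisfy the rule.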

So Are Service Meshes of 2020 Mature and Dependable? 

As they mature and in a matter of a few quarters, Service Mesh technology should become the single pane of glass for most microservices deployments as well as the best solution to fix interservice issues, traffic policies, security, etc. However, it needs to be remembered that they are still a brand new category of technology.

In a nutshell, “No, not yet”. I have been part of customer interactions around the Managed Istio offering. The following issues stand out –

  1. In general, the complexity of service meshes can be overkill for smaller microservice projects with just a few clusters. This is not to state that the complexity will continue to remain, but at the point of writing, from my experience, there can be not just a steep learning curve but also issues with operationalizing the technology in a real-world multi-tenant usage scenario.
  2. Owing to the relative complexity in its architecture (with a control plane and a data plane, and its use of service proxies), the technology is still unstable and not mature enough to run at production scale.

Conclusion

While it’s still early days for Service Mesh technology, vendor support as well as the presence of existing DevOps and SRE aware resources can help mitigate this challenge to a good extent. However, it will still be a few more quarters before they start to see widespread deployment usage. The next post will dive deeper into Envoy.

References

[1] Project Istio – https://istio.io/latest/ 
